Good day, everyone! My question is this: how does the DeviceLock program intercept access to devices?
Self-protection, apparently.
Code:
NtCreateKey Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtDeleteKey Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtDeleteValueKey Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtEnumerateValueKey Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtMapViewOfSection Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtOpenKey Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtOpenProcess Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtOpenThread Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtQueryMultipleValueKey Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtQueryValueKey Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtSetValueKey Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtTerminateProcess Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtTerminateThread Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS

A kernel hack is evident.
Code:
ntoskrnl.exe+0x000201D2, Type: Inline - RelativeJump 0x804F01D2 [ntoskrnl.exe]
ntoskrnl.exe+0x0002C7D4, Type: Inline - PushRet 0x804FC7D4 [unknown_code_page]
ntoskrnl.exe+0x0002C80C, Type: Inline - RelativeJump 0x804FC80C [ntoskrnl.exe]
ntoskrnl.exe+0x0002C8A8, Type: Inline - PushRet 0x804FC8A8 [unknown_code_page]

kernel callback
Code:
CreateThread + LoadImage

The driver is to blame for everything.
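An added example, not part of the original posts: a triage script for a hook report in the two formats shown in the answer above. It groups the hooked native services by driver and object type, and lists inline patches that the tool did not attribute to any module. The grouping heuristic and the reading of the bracketed field as the tool's module attribution are assumptions.

```python
import re
from collections import defaultdict

# Sample lines copied from the listing in the answer above (a subset).
REPORT = r"""
NtCreateKey Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtSetValueKey Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtMapViewOfSection Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtOpenProcess Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
NtTerminateThread Hooked by: C:\WINDOWS\System32\Drivers\DeviceLockDriverHlpExtG4.SYS
ntoskrnl.exe+0x000201D2, Type: Inline - RelativeJump 0x804F01D2 [ntoskrnl.exe]
ntoskrnl.exe+0x0002C7D4, Type: Inline - PushRet 0x804FC7D4 [unknown_code_page]
ntoskrnl.exe+0x0002C8A8, Type: Inline - PushRet 0x804FC8A8 [unknown_code_page]
"""

SSDT_RE = re.compile(r"^(Nt\w+) Hooked by: (.+)$")
INLINE_RE = re.compile(
    r"^(\S+)\+0x([0-9A-Fa-f]+), Type: Inline - (\w+) 0x[0-9A-Fa-f]+ \[(.+)\]$")
# Assumed heuristic: the object type named in a service tells what the hook guards.
AREAS = (("Key", "registry"), ("Process", "process/thread"),
         ("Thread", "process/thread"), ("Section", "memory"))

def area(service):
    """Group a native service by the object type that appears in its name."""
    return next((a for token, a in AREAS if token in service), "other")

def triage(report):
    """Return (ssdt, unattributed): services per driver and area, and inline
    patches whose bracketed module field is [unknown_code_page]."""
    ssdt = defaultdict(lambda: defaultdict(list))
    unattributed = []
    for line in report.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            driver = m.group(2).rsplit("\\", 1)[-1]   # file name only
            ssdt[driver][area(m.group(1))].append(m.group(1))
        elif m := INLINE_RE.match(line):
            module, offset, kind, owner = m.groups()
            if owner == "unknown_code_page":          # no module resolved
                unattributed.append((f"{module}+0x{offset}", kind))
    return {d: dict(a) for d, a in ssdt.items()}, unattributed

if __name__ == "__main__":
    ssdt, unattributed = triage(REPORT)
    for driver, areas in ssdt.items():
        for name, services in sorted(areas.items()):
            print(f"{driver}: {name}: {', '.join(services)}")
    for location, kind in unattributed:
        print(f"inline {kind} at {location}: no owning module")
```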